Solved

Problem after rename of a domain controller

Posted on 2010-08-18
12
1,554 Views
Last Modified: 2012-05-10
I've decommissioned and domain controller (dc5) and then after a day renamed another domain controller to dc5.

Picking up problems on one of the root dc's where it keeps the serverreference attribute as the old dc's name. Thought this would be easy...

dcdiag throwing machine account errors. have already done a dcdiag /fixmachineaccount

* LIB-DC5-JHB Server Reference is incorrect! Should be CN=LIB-DC5-JHB1,OU=Domain Controllers,DC=something,DC=fin-za,DC=net, and is CN=LIB-DC5-JHB,OU=Domain Controllers,DC=something,DC=fin-za,DC=net.

ldap_search_sW failed with 2: The system cannot find the file specified.

......................... LIB-DC5-JHB failed test MachineAccount

When I go into adsiedit on the root dc and try and change the serverreference attribute it defaults back to the old name.
0
Comment
Question by:Nelesh_N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
  • +1
12 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33462481
Its never as easy as that, although it should be...

here is a great article on achieving what you need ;

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/72d5eda0-7185-4f97-a1cf-7952c12dc786
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33462815
Did you actually demote the old DC5 before it was removed?
If so then a simple DCDIAG /fix may solve the problem
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33463571
Yes I did do a demotion to a member server. Will try.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 1

Author Comment

by:Nelesh_N
ID: 33463686
nope doesnt work.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33464416
only one of the three root dc's that I have is picking up this problem.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33469701
What if you change the name to something else?

Then possibly change it back?

Strange one this.
0
 
LVL 3

Expert Comment

by:pmaribeiro
ID: 33473414
This server had FSMO roles and did you moved them?
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33474450
Yes they were moved...
0
 
LVL 3

Expert Comment

by:pmaribeiro
ID: 33474857
You need to go to AD sites and services, enter in the site where DC5 was and remove all entries about him.
Then do the same on the DNS and AD users and computers on the domain controllers container.

I would suggest to give a different name, because sometimes conflicts may ocur with some objects that may have be with the ID of the demoted DC.

So if you can try to change it.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33496096
So the problem is that there was a lib-dc5-jhb already in the environment, then a lib-dc5-jhb1 was introduced. The second machine is a hardware replacement for lib-dc5-jhb. I then did the dcpromo to remove lib-dc5-jhb - all went successfully. Then I renamed lib-dc5-jhb1 to lib-dc5-jhb. This is where the problem lies, I dont think AD likes the reuse of machine names. If I do a ntdsutil I dont see any refernce to lib-dc5-jhb1 but if I go to sites and services on another dc which happens to hold fsmo roles and is in the root. Go to sites and services, if I go to properties on lib-dc5-jhb I still see the server name as lib-dc5-jhb1. If I try to change the serverreference in adsiedit it defaults back to lib-dc5-jhb1. Why it must be pulling this info from somewhere, I also looked at DNS and cannot find any reference to lib-dc5-jhb1...
0
 
LVL 1

Accepted Solution

by:
Nelesh_N earned 0 total points
ID: 33624216
Ended up removing LIB-DC5-JHB... fixed my problem will reintroduce as another dc.
0
 
LVL 3

Expert Comment

by:pmaribeiro
ID: 33624860
Its the best solution because even if you remove all entries as stated there the possibility the remainings of the old SID lying arround and will create enough problems with the same name. If seen this too often and normally the best solution is to rename to a new name. Because the time consuming to solve AD issues sometimes is extremely high.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question